{"vulnerability": "CVE-2023-3404", "sightings": [{"uuid": "3caba75a-326b-467c-9dee-0c135c1463f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34049", "type": "seen", "source": "https://t.me/cvedetector/10905", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-34049 - \"Salt-SSH Predictable Pre-flight Script Path Remote Code Execution\"\", \n  \"Content\": \"CVE ID : CVE-2023-34049 \nPublished : Nov. 14, 2024, 5:15 a.m. | 20\u00a0minutes ago \nDescription : The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.\u00a0Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails. 
\nSeverity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-14T06:37:10.000000Z"}, {"uuid": "df798f68-95eb-4e4a-84f9-1e88cc3dc7f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34045", "type": "seen", "source": "Telegram/-PrVu0hGZOasiJR46lFOi3vqG1z4yZyipIVmCqO5qP_T0wpd", "content": "", "creation_timestamp": "2025-03-08T04:35:52.000000Z"}, {"uuid": "701ad23d-016e-4354-a288-5c8c0cfaa39e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34046", "type": "seen", "source": "Telegram/SfjA6yTDw01StZPmvzsbFfffNl6PGWmTM7Wl0-h93kDeBzQA", "content": "", "creation_timestamp": "2025-03-08T04:35:52.000000Z"}, {"uuid": "2c05181d-191b-44b2-9ad8-0d96cd916d79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34045", "type": "seen", "source": "https://t.me/cibsecurity/72688", "content": "\u203c CVE-2023-34045 \u203c\n\nVMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-20T14:35:07.000000Z"}, {"uuid": "fc7366c3-e57b-457b-add5-4bfe5ae3a0c9", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/IntrusionExploit/285", "content": "Broadcom has discovered and fixed a critical vulnerability in VMware vCenter Server (CVE-2024-38812). This vulnerability allows attackers to execute code remotely on unpatched hosts by sending a specially crafted network packet.\n\nAttackers can exploit this vulnerability remotely, without authentication, through low-skill attacks.\n\nCVE-2024-38812 - Originates from a memory overflow vulnerability in vCenter's DCE/RPC implementation, affecting multiple products such as VMware vSphere and VMware Cloud Foundation.\n\nExperts recommend:\nUpdate now: Security patches are available through the standard vCenter Server update mechanism. To protect your organization, install the updated versions listed in the \"VMware Security Bulletin\".\nAccess Control: If you cannot apply the update immediately, strictly control edge access to vSphere management components.\nBroadcom has also confirmed that there are no known exploits of CVE-2023-34048 at this time. However, always be cautious and take additional security measures.\nAdditionally, Broadcom has patched another elevation of privilege vulnerability (CVE-2024-38813) that could allow an attacker to gain root access to an affected host.\nMake sure you take the necessary steps to protect your systems!", "creation_timestamp": "2024-09-19T08:05:25.000000Z"}, {"uuid": "0acafe58-168a-456b-99cd-1f2e3bab044e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/arpsyndicate/76", "content": "#ExploitObserverAlert\n\nCVE-2023-34048\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-34048. 
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.\n\nFIRST-EPSS: 0.001660000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-11T04:11:24.000000Z"}, {"uuid": "2f2330d5-99df-4022-916f-210462b9397d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "published-proof-of-concept", "source": "Telegram/x20mxJfhk51ZsXAZDj8Y55Mktq1sEZKz__KzSdkmcHOg6g", "content": "", "creation_timestamp": "2023-10-25T14:11:44.000000Z"}, {"uuid": "349102e8-b5ba-4984-a83c-a645dc08ca39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/KomunitiSiber/980", "content": "Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability\nhttps://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html\n\nVMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems.\nThe issue, tracked as\u00a0CVE-2023-34048\u00a0(CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the\u00a0DCE/RPC protocol.\n\"A malicious actor with network access to vCenter Server may trigger an out-of-bounds", "creation_timestamp": "2023-10-25T13:14:53.000000Z"}, {"uuid": "23610799-f7be-42a7-87aa-faf4171d473b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "Telegram/wQTtnJs4bu2qpdkfBduUtEA8WULI7A-GTXrtlXHlEfx64Q", "content": "", "creation_timestamp": 
"2023-09-30T04:25:30.000000Z"}, {"uuid": "2597bc1f-0906-4119-b800-3a57239821c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "seen", "source": "https://t.me/proxy_bar/1740", "content": "CVE-2023-34040\nSpring-Kafka-Deserialization RCE\nPOC\n\n#apacheKafka", "creation_timestamp": "2023-09-29T20:24:24.000000Z"}, {"uuid": "2265d7ca-649a-436f-b3c4-43f34e0043da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "published-proof-of-concept", "source": "https://t.me/breachdetector/427083", "content": "{\n  \"Source\": \"https://exploit.in/\",\n  \"Content\": \"CVE-2023-34048: a zero-day that was secretly exploited for about two years\", \n  \"author\": \"News Support\",\n  \"Detection Date\": \"23 Jan 2024\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2024-01-23T08:26:50.000000Z"}, 
{"uuid": "3ef176a5-0d8b-4f65-95a0-46ff574b5f8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://t.me/true_secator/5318", "content": "Our predictions have now been confirmed by Mandiant as well: the bug in VMware vCenter Server (CVE-2023-34048) is being actively exploited in the wild, and not by script kiddies but by the Chinese group UNC3886, which had been exploiting the vulnerability since as far back as late 2021, while it was discovered and fixed only in October 2023. \n\nMandiant researchers showed that the attackers used other attack paths and focused on technologies that are not protected by EDR.\n\nUNC3886 has been noted more than once for using 0-days to accomplish its tasks, as evidenced by this latest example of its ability to act tactfully and without detection.\n\nAs the specialists reported, before the backdoor was deployed the \"vmdird\" service crashed, which is recorded in the VMware service crash log, /var/log/vonCoreduper.log, and in most environments where these crashes were observed the log entries were preserved, but the \"vmdird\" core dumps themselves had been deleted.\n\nWhile VMware default configurations keep core dumps on the system for an indefinite period, you don't have to be a genius to understand that the core dumps were deliberately deleted by the attacker in an attempt to cover their tracks.\n\nNow, together with VMware, Mandiant also recommends that users update to the latest version, vCenter 8.0U2.", "creation_timestamp": "2024-01-22T16:31:32.000000Z"}, 
{"uuid": "46929a44-2f14-4573-a930-04c2f36464a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://t.me/true_secator/5312", "content": "Last October's vulnerability in VMware vCenter Server is now being actively exploited by attackers, and to confirm this fact VMware has updated its original security advisory. \n\nAs a reminder, CVE-2023-34048 relates to the implementation of the DCERPC protocol and is described as an out-of-bounds write issue that could allow an attacker with network access to vCenter Server to remotely execute arbitrary code.\n\nThe issue was so critical that VMware decided to release fixes even for product versions that had reached end of life.\n\nAccording to the Shadowserver Foundation, hundreds of potentially vulnerable VMware vCenter Server instances are currently reachable on the internet.\n\nAlthough there is officially no public PoC, the technical details of the vulnerability available since December are more than sufficient, so all VMware vCenter Server users are advised to carry out a review as soon as possible and update in line with all of the vendor's recommendations.", "creation_timestamp": "2024-01-19T15:02:16.000000Z"}, 
{"uuid": "f71f25ac-2dc4-4a7e-93d4-8bf286edc623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/true_secator/5008", "content": "VMware has released fixes for a critical RCE vulnerability in vCenter Server.\n\nThe issue is tracked as\u00a0CVE-2023-34048\u00a0and has a CVSS score of 9.8; it was discovered and reported by Grigory Dorodnov of Trend Micro Zero Day Initiative.\n\nIt is described as an out-of-bounds write vulnerability in the implementation of the\u00a0DCE/RPC protocol, which can be exploited by an attacker with network access to vCenter Server and could potentially lead to RCE.\n\nVMware notes that there are no workarounds for this flaw other than the corresponding updates, which are available in the following software versions: VMware vCenter Server 8.0 (8.0U1d or 8.0U2), VMware vCenter Server 7.0 (7.0U3o) and VMware Cloud Foundation 5.x and 4.x.\n\nGiven the criticality of the vulnerability and the absence of temporary mitigations, the vendor has also provided a patch for vCenter Server 6.7U3, 6.5U3 and VCF 3.x.\n\nThe latest update additionally fixes CVE-2023-34056 (CVSS score: 4.3), a partial information disclosure vulnerability affecting vCenter that could allow an attacker with non-administrative privileges to gain access to unauthorized data.\n\nAccording to\u00a0VMware, it is not aware of the bugs being exploited in the wild, but it strongly recommends that customers act promptly and apply the fixes as soon as possible to neutralize any potential threats.", "creation_timestamp": "2023-10-26T12:34:20.000000Z"}, {"uuid": "508f5d52-321b-41f0-9b16-ceea1a571770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4393", "content": "Roundcube CVE-2023-43770 POC : Check\n\nCVE-2023-34040 RCE Exploit : Check\n\nNightmangle: Telegram Command And Control (C2) Agent : Check", "creation_timestamp": "2023-09-30T04:24:47.000000Z"}, {"uuid": "e17cd350-f2d5-455d-94da-5e2e4039d185", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34042", "type": "seen", "source": "https://t.me/ctinow/196540", "content": 
"https://ift.tt/Y6wplMP\nCVE-2023-34042 | VMware Spring Security up to 5.7.10/5.8.6/6.0.6/6.1.3 on Critical spring-security.xsd permission assignment", "creation_timestamp": "2024-02-29T11:56:09.000000Z"}, {"uuid": "c7a0d5f2-59b4-43ae-8675-e8e66bc500d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34042", "type": "seen", "source": "https://t.me/ctinow/179773", "content": "https://ift.tt/rMIR4Wk\nCVE-2023-34042", "creation_timestamp": "2024-02-06T06:46:51.000000Z"}, {"uuid": "88a16f9a-0b5f-481f-bc94-1e38edb90ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "seen", "source": "https://t.me/cibsecurity/69115", "content": "\u203c CVE-2023-34040 \u203c\n\nIn Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic\n\nBy default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-24T16:14:54.000000Z"}, {"uuid": "960de4e5-96a7-4d2c-8898-a82efeb0ffc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://t.me/information_security_channel/51363", "content": "VMware vCenter Server Vulnerability Exploited in Wild\u00a0\nhttps://www.securityweek.com/vmware-vcenter-server-vulnerability-exploited-in-wild/\n\nVMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild.\u00a0\nThe post VMware vCenter Server Vulnerability Exploited in Wild\u00a0 (https://www.securityweek.com/vmware-vcenter-server-vulnerability-exploited-in-wild/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-01-19T12:49:01.000000Z"}, {"uuid": "26074fa0-26ff-4080-be41-34a957ccc995", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://t.me/information_security_channel/51373", "content": "Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021\nhttps://www.securityweek.com/chinese-spies-exploited-vmware-vcenter-server-vulnerability-since-2021/\n\nCVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as zero-day for a year and a half.\nThe post Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 (https://www.securityweek.com/chinese-spies-exploited-vmware-vcenter-server-vulnerability-since-2021/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": 
"2024-01-22T13:41:23.000000Z"}, {"uuid": "f4c025dc-9ce7-48a5-9b49-299902abd5cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://t.me/xakep_ru/15270", "content": "Chinese hackers exploited a 0-day in VMware vCenter Server for two years\n\nMandiant specialists have found that a Chinese hacking group had been using a critical vulnerability in VMware vCenter Server (CVE-2023-34048) as a 0-day since at least late 2021.\n\nhttps://xakep.ru/2024/01/22/unc3886-vmware-vcenter-server/", "creation_timestamp": "2024-01-22T16:19:04.000000Z"}, {"uuid": "20516b22-b968-4863-821d-34cdb527c1fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/SecLabNews/14764", "content": "An IT consultant was punished for disclosing a vulnerability involving the data of 700,000 customers\n\n\ud83d\udcac A programmer was fined \u20ac3,000 for discovering and reporting a vulnerability in an online store's database that exposed the data of almost 700,000 customers.\n\n\u26a1\ufe0f The vulnerability, designated CVE-2023-34048 and rated 9.8 on the CVSS scale, is an error involving a write outside the bounds of the allocated block, allowing an attacker to execute code remotely.\n\n\ud83d\udc40 A district court fined the specialist, deeming his actions illegal, although experts argue that the vulnerability was caused by insufficient software protection rather than malicious actions.\n\n#vulnerability #onlinestore #ITConsultant #cybersecurity\n\n@CyberStrikeNews", "creation_timestamp": "2024-01-22T15:22:26.000000Z"}, {"uuid": "677289c4-55d6-4308-88bd-5dcdbff60eef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7779", "content": "CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution\n\nhttps://pyn3rd.github.io/2023/09/15/CVE-2023-34040-Spring-Kafka-Deserialization-Remote-Code-Execution/", "creation_timestamp": "2023-09-17T20:05:13.000000Z"}, {"uuid": "b78542ee-08f8-458e-b71a-b1de604b7368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", 
"vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://t.me/vxunderground/4463", "content": "Large update to vx-underground:\n\nSamples:\n- VirusSign.2024.06.20\n- VirusSign.2024.06.21\n- VirusSign.2024.06.22\n- VirusSign.2024.06.23\n- VirusSign.2024.06.24\n- VirusSign.2024.06.25\n- VirusSign.2024.06.26\n- VirusSign.2024.06.27\n- VirusSign.2024.06.28\n- InTheWild.0127\n\nPapers:\n- 2015-01-22 - Malvertising Leading To Flash Zero Day Via Angler Exploit Kit\n- 2018-10-22 - Chalubo botnet wants to DDoS from your server or IoT device\n- 2022-07-18 - Trident Ursa\n- 2023-06-10 - IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment\n- 2023-06-13 - VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors\n- 2024-01-06 - Understanding Internals of SmokeLoader\n- 2024-01-19 - Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021\n- 2024-04-09 - BlueShell: Four Years On, Still A Formidable Threat\n- 2024-04-09 - Unpacking the Blackjack Group's Fuxnet Malware\n- 2024-04-24 - Analysis of Ongoing FROZENSHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover\n- 2024-05-06 - HijackLoader Updates\n- 2024-05-08 - From OSINT to Disk: Wave Stealer Analysis\n- 2024-05-13 - Wavestealer Spotted In The Wild\n- 2024-05-23 - Tracking APT SideWinder With DNS Records\n- 2024-05-26 - QakBOT v5 Deep Malware Analysis\n- 2024-05-28 - BlackSuit Attack Analysis\n- 2024-05-30 - The Pumpkin Eclipse\n- 2024-06-04 - Muhstik Malware Targets Message Queuing Services Applications\n- 2024-06-05 - DarkGate switches up its tactics with new payload, email templates\n- 2024-06-05 - ExMatter malware levels up: S-RM observes new variant with simultaneous remote code execution and data targeting\n- 2024-06-06 - DarkGate: Make AutoIt Great Again\n- 2024-06-06 - EMBERSim: A Large-Scale Databank for Boosting Similarity Search in Malware Analysis", 
"creation_timestamp": "2024-06-29T17:10:08.000000Z"}, {"uuid": "bf07acff-7b34-419a-bdcc-23e7e2c55fb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3mddfjwvjymj2", "content": "", "creation_timestamp": "2026-01-26T13:56:34.812847Z"}, {"uuid": "64c6f55b-9c93-4913-b6ff-a4fca20b2515", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/5a3ce4a6-23fe-4c70-a292-886554e53ca9", "content": "", "creation_timestamp": "2026-02-02T12:26:42.275606Z"}, {"uuid": "adfd14d2-1a0d-4c67-8c9e-d0e8588a25bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/87", "content": "\u2604\ufe0fCVE-2023-34040\nSpring-Kafka-Deserialization RCE\n\n\ud83d\udce3\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 PoC: \nhttps://github.com/pyn3rd/CVE-2023-34040/tree/main", "creation_timestamp": "2023-10-07T14:14:27.000000Z"}, {"uuid": "7c218f6b-ef9b-4d1d-ae47-484de4a614b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/ap_security/159", "content": "\ud83c\udf10VMware \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u0438\u043b\u0430 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 vCenter 
Server\n\n\ud83d\udee1\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u0431\u0440\u0435\u0448\u044c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430\n\n\ud83d\udee1\u0411\u0430\u0433\u0443 \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u043b\u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2023-34048 \u0438 \u0434\u0430\u043b\u0438 9,8 \u0431\u0430\u043b\u043b\u0430 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS\n\n\ud83d\udee1\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f vCenter 7.0 \u0438 8.0, Cloud Foundation 5.x \u0438 4.\u0445\n\n#itnews #infosec #cve", "creation_timestamp": "2023-10-25T18:55:53.000000Z"}, {"uuid": "9b11472e-dced-453a-aeed-5ac324088a7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://t.me/itsec_news/3678", "content": "\u200b\u26a1\ufe0f\u0422\u0440\u0435\u0432\u043e\u0433\u0430 \u0432 \u043e\u0431\u043b\u0430\u043a\u0435 VMware: \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b Cloud Director\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f VMware 
\u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u0441\u0432\u043e\u0451\u043c \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 Cloud Director. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2023-34060 (\u043e\u0446\u0435\u043d\u043a\u0430 \u043f\u043e CVSS 9,8 \u0431\u0430\u043b\u043b\u043e\u0432) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b Cloud Director, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 10.5 \u0441 \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0430\u0440\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 sssd \u0432 Photon OS. 
\u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0440\u0442\u044b 22 \u0438 5480, \u043c\u0438\u043d\u0443\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u0443\u044e \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u0443 \u0432\u0445\u043e\u0434\u0430. \u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u0443 \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0414\u0430\u0441\u0442\u0438\u043d\u0443 \u0425\u0430\u0440\u0442\u043b\u0443 \u0438\u0437 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Ideal Integrations.\n\nVMware \u043f\u043e\u043a\u0430 \u043d\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435, \u043e\u0434\u043d\u0430\u043a\u043e \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u043b\u044f \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439. 
\u0415\u0433\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043d\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043f\u0440\u043e\u0441\u0442\u043e\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0438 \u043d\u0435 \u043f\u043e\u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0440\u0430\u0431\u043e\u0442\u0443 Cloud Director, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u043c\u044f\u0433\u0447\u0430\u044e\u0449\u0438\u0439 \u0441\u043a\u0440\u0438\u043f\u0442 \u0438 \u043d\u0435 \u0434\u043e\u0436\u0438\u0434\u0430\u0442\u044c\u0441\u044f \u0432\u044b\u0445\u043e\u0434\u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430.\n\n\u041a\u0430\u043a \u0443\u0436\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u043b\u043e\u0441\u044c \u0432\u044b\u0448\u0435, \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0431\u0430\u043b\u043b \u2014 9.8, \u0447\u0442\u043e \u0433\u043e\u0432\u043e\u0440\u0438\u0442 \u043e \u0435\u0451 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u0438 \u0438 \u043b\u0451\u0433\u043a\u043e\u0441\u0442\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438. \u0422\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u043b\u0438\u0448\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443. 
\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u0443\u044e \u0431\u0440\u0435\u0448\u044c \u0434\u043e \u0442\u0435\u0445 \u043f\u043e\u0440, \u043f\u043e\u043a\u0430 \u043e\u043d\u0430 \u043d\u0435 \u0431\u0443\u0434\u0435\u0442 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u043c \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Cloud Director.\n\n\u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e \u0441\u043e\u0432\u0441\u0435\u043c \u043d\u0435\u0434\u0430\u0432\u043d\u043e, \u0432 \u043a\u043e\u043d\u0446\u0435 \u043e\u043a\u0442\u044f\u0431\u0440\u044f, VMware \u0443\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043e\u043f\u0430\u0441\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0434\u0440\u0443\u0433\u043e\u043c \u0441\u0432\u043e\u0451\u043c \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435, vCenter Server, \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2023-34048 , \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0448\u0443\u044e \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0431\u044b\u0441\u0442\u0440\u043e\u0435 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 
\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u044e\u0442 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 \u0441\u0432\u043e\u0438\u0445 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0438 \u0441\u0432\u043e\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-11-15T10:00:20.000000Z"}, {"uuid": "9accc04d-65a1-4a68-92e5-eef8e7b52f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/186", "content": "CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution \n\n\ud83d\udc64 by pyn3rd\n\nIn Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. 
An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers.\n\nThe researcher described in detail the causes of the vulnerability and the method of its exploitation. This is a perfect example of how a vulnerability can be reproduced only based on information from advisory.  \n\n\ud83d\udcdd Contents:\n\u25cf Preface\n\u25cf Concepts of Kafka\n\u25cf Preparation\n\nhttps://pyn3rd.github.io/2023/09/15/CVE-2023-34040-Spring-Kafka-Deserialization-Remote-Code-Execution/", "creation_timestamp": "2023-09-18T06:30:08.000000Z"}, {"uuid": "710ea332-f8fc-4488-99fe-ca0921eb7c00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/kasperskyb2b/1116", "content": "\ud83d\udd0e Interesting APT research and infosec news of the week\n\nWhen a serious vulnerability gets fixed without exploitation in the wild having been detected, you still should not put off applying the patches. 
Take the nasty CVE-2023-34048, recently fixed in VMWare vCenter: it turns out it had been exploited since as far back as 2021. \ud83d\udc40\n\n\u2699\ufe0f Analysis of a kernel-level driver used in the PlugX malware, which the authors managed to get signed at you-know-which company.\n\n\ud83c\udf10Technical analysis of the NSPX30 implant used in the cyberattacks of APT Blackwood. The authors of the research consider the operation to be Chinese and note its high sophistication. 
The malware is delivered through updates of legitimate products such as WPS Office and Sogou PinyinVSogou Pinyin, presumably by modifying network traffic. We have observed a similar technique in, for example, APT Windealer. It also appears to be used when sending stolen information to the C2.\n\n\ud83d\udfe2 The story of the Microsoft breach continues to unfold. 
Besides interesting technical details of the attack, the new Microsoft blog post points out how the same APT attacks other organizations. From the vague wording it is unclear whether privileged access to Microsoft resources was used in those attacks or whether Microsoft's TI team simply found artifacts of other attacks at the same time as 'its own'. 
The new document is framed as guidance for defenders and is quite practical in that role: OAuth hardening, protection against password spray attacks, relevant events in SIEM and XDR. \n\n\ud83d\udc6e\u200d\u2640\ufe0f Analysis of VexTrio, a large criminal operation for distributing malicious traffic, which includes a complex TDS infrastructure and more than 70 thousand domains. 
This system is used in dozens of malicious schemes, from romance scams to fake software updates, phishing and ransomware distribution.\n\n\ud83e\udd9c By the way, another breakdown was recently published of ParrotTDS, a malicious redirect system that has been evolving since 2019 and keeps honing its stealth. 
Website owners, especially those running off-the-shelf CMSs such as Wordpress and Joomla, should take the recommended protective measures to prevent their web servers from being compromised.\n\nAnalysis of the Kasseika ransomware strain: apparently created by former BlackMatter members, it uses the BYOVD technique and the vulnerable Martini/VirtIT Agent drivers to disable security solutions on the attacked system, and is launched with PsExec. 
A new classic \ud83d\ude1e\n\nNot APT, but interesting too\n\n\ud83d\udc8e Predictions for 2024 in the field of endangered species: confidentiality and privacy. Have a read, there are many interesting thoughts there. The editors liked this one, for example: the development of AI will force regulators to extend the notion of 'confidential data' to photos and videos, because deepfakes are becoming an ever larger threat. 
There is much more as well: the impact of next-generation AI assistants, the approach of a passwordless future, and so on.\n\n\ud83c\udf4f Analysis of an interesting MacOS backdoor: it works on recent versions of MacOS, downloads second-stage malware from DNS TXT records, and ultimately steals cryptocurrency.\n\n\ud83d\ude93 Overview of the results of the special automotive Pwn2own:  49 zero-days, $1.3 million in prizes, and two exploit chains 
for Tesla that made all the news headlines. We would advise paying more attention to the 'infrastructure' holes, for example the combo of three bugs for exploiting Automotive Grade Linux.\n\n#news @\u041f2\u0422", "creation_timestamp": "2024-01-29T11:16:37.000000Z"}, {"uuid": "3787ac3f-9503-4d9c-8217-24efd87eb4cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "Telegram/Ls55OSGyHoJ6JZbLrNh6Nchr_R1rZcPQyoB8EhpT4Czc", "content": "", "creation_timestamp": "2023-10-22T18:25:06.000000Z"}, {"uuid": "012bed20-35d9-48dd-bf5d-5282d110d5eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34049", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113479403082528116", "content": "", "creation_timestamp": "2024-11-14T04:24:35.087503Z"}, {"uuid": "1204ebec-1559-4804-84cc-01b6faf77b4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://threatintel.cc/2025/07/28/chinalinked-group-fire-ant-exploits.html", "content": "", "creation_timestamp": "2025-07-28T08:52:33.000000Z"}, {"uuid": "5f817b4f-07a5-4c2e-9c06-fde89f5ae031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3luzxvbtph62d", "content": "", "creation_timestamp": "2025-07-28T16:05:40.254974Z"}, {"uuid": "912e5062-4308-438d-a648-8c4310f1e0d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://bsky.app/profile/gscafo.bsky.social/post/3luzyylog662u", "content": "", "creation_timestamp": "2025-07-28T16:25:25.680601Z"}, {"uuid": "af525e3e-aa0c-4b89-8412-702fd50c32d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:11.000000Z"}, {"uuid": "f57a4fc8-5dc2-49b3-8d93-befa147284d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://bsky.app/profile/allsafeus.bsky.social/post/3md4say4dhi2d", "content": "", "creation_timestamp": "2026-01-23T22:55:32.356998Z"}, {"uuid": "4cdb8260-f88f-40fe-8cbe-1d6155d6023c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1146", "content": "", "creation_timestamp": "2023-10-26T04:00:00.000000Z"}, {"uuid": "580ca0ca-9245-40fe-bc13-88bac0150638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34044", "type": "published-proof-of-concept", "source": "https://t.me/poxek/6033", "content": 
"\u0420\u0430\u0441\u0442\u0435\u043c \u0432 VMware \u043e\u0442 Guest \u0434\u043e Host \u0447\u0435\u0440\u0435\u0437 CVE-2023-20870 + CVE-2023-34044 + CVE-2023-20869\n#VMware #CVE #Bluetooth\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c r0keb \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043b \u0438 \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u043b \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 VMware Workstation 17.0.0, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u044b\u0439 Guest-to-Host escape, \u0438\u043c\u0435\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0433\u043e\u0441\u0442\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u267e\ufe0f\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0441\u0443\u0442\u044c\u267e\ufe0f\n\n\u0410\u0442\u0430\u043a\u0430 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0434\u0432\u0430 \u044d\u0442\u0430\u043f\u0430. \n\n\u25aa\ufe0f\u041f\u0435\u0440\u0432\u044b\u0439 \u2014 memory leak (CVE-2023-20870 \u0438 CVE-2023-34044) \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 USB Request Blocks (URB) \u0432 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Bluetooth \u0438 Mouse. 
malloc \u0431\u0435\u0437 \u043e\u0431\u043d\u0443\u043b\u0435\u043d\u0438\u044f + \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 LFH-\u0431\u0430\u043a\u0435\u0442\u043e\u0432 (0xb0) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0433\u043e\u0441\u0442\u044e \u0443\u0442\u0435\u0447\u044c \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c \u043d\u0430 \u0431\u0430\u0437\u0443 vmware_vmx.exe \u0438 \u043e\u0431\u043e\u0439\u0442\u0438 ASLR.\n\n\u25aa\ufe0f\u0412\u0442\u043e\u0440\u043e\u0439 \u2014 stack-based buffer overflow (CVE-2023-20869) \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0435 SDP-\u043f\u0430\u043a\u0435\u0442\u043e\u0432 (\u0444\u0443\u043d\u043a\u0446\u0438\u0438 SDPData_ReadElement \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 memcpy). \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 SDP_SVC_SEARCH_ATTR_REQ \u0441 \u0432\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u043c \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u043c \u0442\u0438\u043f\u0430 SDP_DE_UINT \u0438 \u043f\u0435\u0440\u0435\u0440\u0430\u0437\u043c\u0435\u0440\u0435\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u0435\u043c AttributeIDList (~0x28f \u0431\u0430\u0439\u0442) \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 \u0434\u0432\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u0442\u0435\u043a\u0430, \u0437\u0430\u0442\u0438\u0440\u0430\u044e\u0449\u0438\u0445 return-\u0430\u0434\u0440\u0435\u0441\u0430 \u0438 \u0434\u0430\u044e\u0449\u0438\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 
RIP.\n\n\u267e\ufe0f\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f\u267e\ufe0f\n\n \u25aa\ufe0f\u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0448\u0430\u0440\u0438\u043d\u0433 Bluetooth-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0441 \u0433\u043e\u0441\u0442\u0435\u043c\n \u25aa\ufe0f\u0427\u0435\u0440\u0435\u0437 libusb \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0441 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u043c Bluetooth (VID:0x0e0f, PID:0x0008) \u0438 Mouse (PID:0x0003)\n \u25aa\ufe0f\u0412\u044b\u0434\u0435\u043b\u044f\u0442\u044c \u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0430\u0442\u044c URB \u043c\u044b\u0448\u0438 \u0434\u043b\u044f \u0437\u0430\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f LFH-\u0431\u0430\u043a\u0435\u0442\u0430 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c 0xb0\n \u25aa\ufe0f\u0427\u0438\u0442\u0430\u0442\u044c \u043d\u0435\u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u043f\u0430\u043c\u044f\u0442\u044c \u0447\u0435\u0440\u0435\u0437 control transfer (wLength=0x80) \u2192 \u0443\u0442\u0435\u0447\u043a\u0430 \u0431\u0430\u0437\u044b vmware_vmx\n \u25aa\ufe0f\u041f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c btusb/usbhid \u043c\u043e\u0434\u0443\u043b\u0438 \u0432 \u0433\u043e\u0441\u0442\u0435\n \u25aa\ufe0f\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c L2CAP/SDP-\u0441\u0435\u0441\u0441\u0438\u044e \u0441 \u0432\u043d\u0435\u0448\u043d\u0438\u043c Bluetooth-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u043c (\u0442\u0435\u043b\u0435\u0444\u043e\u043d \u0438 \u0442.\u0434.)\n \u25aa\ufe0f\u041e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c crafted SDP-\u043f\u0430\u043a\u0435\u0442 \u0441 oversized AttributeIDList (0x28f \u0431\u0430\u0439\u0442) \u0438 
SDP_DE_UINT\n\u25aa\ufe0f \u0412\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c ROP-\u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043d\u0430 \u0445\u043e\u0441\u0442\u0435 (\u043f\u0440\u0438\u043c\u0435\u0440 \u2014 \u0437\u0430\u043f\u0443\u0441\u043a calc.exe)\n\n\u267e\ufe0f\u0418\u043c\u043f\u0430\u043a\u0442\u267e\ufe0f\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u043f\u0440\u043e\u0440\u044b\u0432 \u0438\u0437\u043e\u043b\u044f\u0446\u0438\u0438 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b: \u0438\u0437 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0433\u043e\u0441\u0442\u0435\u0432\u043e\u0439 \u041e\u0421 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 arbitrary code execution \u043d\u0430 \u0445\u043e\u0441\u0442\u0435 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 vmware-vmx. 
This makes it possible to gain persistence on the host, steal data, attack other VMs on the same host, or use the machine for subsequent attacks.\n\n\ud83d\udd17Source\n\n\ud83c\udf1a @poxek | \ud83d\udcf2 MAX |\ud83c\udf1a Blog | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK", "creation_timestamp": "2026-04-08T13:54:44.000000Z"}, {"uuid": "e24010ec-ecb5-4ed7-86a6-e284a43546bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://t.me/itsec_news/4009", "content": "\u200b\u26a1\ufe0fCVE-2023-34048: a zero-day that was secretly exploited for about two years\n\nA cybercriminal group linked to China and known as UNC3886 has been secretly using
a critical zero-day vulnerability in the VMware vCenter Server management system since late 2021. This information was disclosed in a recent report by Mandiant.\n\nThe vulnerability, designated CVE-2023-34048 and rated 9.8 on the CVSS scale, is an out-of-bounds write error (Out-of-bounds Write) that allows an attacker with network access to vCenter Server to achieve remote code execution.
On October 24, 2023, shortly after the vulnerability was identified, it was fixed by Broadcom.\n\nAt the beginning of the week VMware updated its remediation guidance for this vulnerability, confirming that CVE-2023-34048 has been exploited in the wild.\n\nUNC3886 first drew attention to its activity in September 2022, when it was discovered that the group was using previously unknown vulnerabilities in VMware to
plant backdoors in Windows and Linux systems. The malware distributed included, among others, the VirtualPita and VirtualPie programs.\n\nThe latest data from Mandiant shows that the zero-day vulnerability used by the Chinese hackers UNC3886 to attack VMware was precisely CVE-2023-34048.
Exploitation allowed the attackers to gain privileged access to the vCenter system and enumerate all ESXi hosts and the virtual machines attached to them.\n\nThe attackers then obtained the hosts' 'vpxuser' credentials in cleartext and connected to the hosts to install malware, which made it possible to connect to the hosts directly.\n\nThis sequence of actions, in turn,
opens the way to exploiting another VMware vulnerability, CVE-2023-20867 (CVSS score: 3.9), allowing arbitrary commands to be executed and files to be transferred between virtual machines and the compromised ESXi host. Mandiant reported on this in June 2023.\n\nUsers of VMware vCenter Server are advised to update to the latest software version as soon as possible to minimize any potential threats.\n\nIn recent years UNC3886 has also
frequently used the vulnerability CVE-2022-41328 (CVSS score: 6.5) in Fortinet FortiOS software to deploy the THINCRUST and CASTLETAP tools, which allow arbitrary commands to be executed from a remote server and confidential data to be exfiltrated.\n\nThese attacks are especially dangerous for firewall and virtualization technologies, since they often do not support EDR solutions, which allows attackers
to remain in target environments for a long time.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-01-22T07:52:07.000000Z"}, {"uuid": "e66982ab-911a-4459-9111-98a3ca2bb76f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://t.me/BleepingComputer/19267", "content": "\u200aChinese hackers exploit VMware bug as zero-day for two years\n\nA Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. [...]\n\nhttps://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-vmware-bug-as-zero-day-for-two-years/", "creation_timestamp": "2024-01-19T19:45:15.000000Z"}, {"uuid": "007f8871-b5e7-4479-843c-3b1c8e14fb86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/367", "content": "Top Security News for 18/09/2023\n\nAccount Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation\nhttps://www.reddit.com/r/netsec/comments/16l167p/account_takeover_in_canvas_apps_served_in_comet/ \n\nCVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)\nhttps://www.reddit.com/r/netsec/comments/16kwvfl/cve202232947_macos_gpulaunched_kernel_privilege/ \n\nTickling ksmbd: fuzzing SMB in the Linux kernel\nhttps://www.reddit.com/r/netsec/comments/16kvckv/tickling_ksmbd_fuzzing_smb_in_the_linux_kernel/ \n\nISC Stormcast For Monday, September 18th, 2023 https://isc.sans.edu/podcastdetail/8662, (Mon, Sep 
18th)\nhttps://malware.news/t/isc-stormcast-for-monday-september-18th-2023-https-isc-sans-edu-podcastdetail-8662-mon-sep-18th/73542#post_1 \n\nFinancially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks\nhttps://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html \n\nNorth Korea's Lazarus Group Suspected in $31 Million CoinEx Heist\nhttps://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html \n\nAccount Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation\nhttps://www.reddit.com/r/netsec/comments/16l167p/account_takeover_in_canvas_apps_served_in_comet/ \n\nClop gang stolen data from major North Carolina hospitals\nhttps://securityaffairs.com/150949/cyber-crime/north-carolina-hospitals-data-breach.html \n\nA Practical Approach to SBOM in CI/CD. Presenting concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.\nhttps://www.reddit.com/r/netsec/comments/16l5vtu/a_practical_approach_to_sbom_in_cicd_presenting/ \n\nCVE-2023-34040 Spring Kafka Deserialization Remote Code Execution\nhttps://www.reddit.com/r/netsec/comments/16kvb77/cve202334040_spring_kafka_deserialization_remote/ \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2023-09-18T07:00:08.000000Z"}, {"uuid": "0ba13787-c3fe-4010-a50a-d9dfea6f58f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/152", "content": "\u2604\ufe0fCVE-2023-34040\nSpring-Kafka-Deserialization RCE\n\n\ud83d\udce3Link to the PoC: \nhttps://github.com/pyn3rd/CVE-2023-34040/tree/main", "creation_timestamp": "2023-10-07T14:14:27.000000Z"}, {"uuid": 
"f2000f86-3bb0-4a27-90a7-9f55f4bda8c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/true_secator/6217", "content": "Broadcom warns of a critical VMware vCenter vulnerability that attackers can use for remote code execution on unpatched servers via a network packet.\n\nvCenter Server is the central hub of the VMware vSphere suite, giving administrators management and control of virtualized infrastructure.\n\nCVE-2024-38812 was discovered by
TZL researchers during the Chinese hacking contest Matrix Cup 2024. \n\nIt is caused by a heap overflow issue in the implementation of the DCE/RPC protocol and affects products that include vCenter, among them VMware vSphere and VMware Cloud Foundation.\n\nUnauthenticated attackers can exploit it remotely in low-complexity attacks that require no user interaction by sending a specially crafted network packet,
potentially leading to RCE.\n\nMitigations may vary depending on the security posture of the particular organization, its defense-in-depth strategies and firewall configurations; each organization must assess the adequacy of these protective measures for itself.\n\nTo ensure full protection, one of the updated versions
listed in the VMware security advisory should be installed. Security fixes are available through the standard vCenter Server update mechanisms.\n\nBroadcom states that it has found no evidence that the CVE-2023-34048 RCE vulnerability is currently being used in attacks.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u043b\u0436\u043d\u044b \u0441\u0442\u0440\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043f\u043e \u043f\u0435\u0440\u0438\u043c\u0435\u0442\u0440\u0443 
\u0441\u0435\u0442\u0438 \u043a \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u043c \u0438 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f vSphere, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0438 \u0441\u0435\u0442\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0434\u0440\u0443\u0433\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 EoP (CVE-2024-38813), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 root \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430.", "creation_timestamp": "2024-09-18T11:18:15.000000Z"}, {"uuid": "d05e4150-db38-4e55-8f04-9b5f0525467e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/cibsecurity/72836", "content": "\u203c CVE-2023-34048 
\u203c\n\nvCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-25T22:39:22.000000Z"}, {"uuid": "b49b1440-6b2c-4a3e-bce4-39aaccfaf8d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34047", "type": "seen", "source": "https://t.me/cibsecurity/70794", "content": "\u203c CVE-2023-34047 \u203c\n\nA batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T14:30:09.000000Z"}, {"uuid": "4350f7c1-5788-4cbc-8651-3697ca87a37c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/ctinow/171850", "content": "https://ift.tt/TVB9rje\nCVE-2023-34048 Exploitation", "creation_timestamp": "2024-01-23T11:16:37.000000Z"}, {"uuid": "70bd8186-78f1-40bd-85b4-ecea4b8e4584", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34041", "type": "seen", "source": "https://t.me/cibsecurity/70140", "content": "\u203c CVE-2023-34041 \u203c\n\nCloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. 
An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-08T12:19:27.000000Z"}, {"uuid": "872f01aa-8680-41ef-8d76-8c2c6d1526ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "MISP/e3a58da8-48fa-4feb-9d66-525a5b00f499", "content": "", "creation_timestamp": "2026-04-30T15:55:38.000000Z"}, {"uuid": "6249e430-1487-4e42-beff-76bda8068a3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/thehackernews/4052", "content": "\ud83d\udea8 VMware releases crucial security updates to fix a new critical vulnerability (CVE-2023-34048) in vCenter Server. \n \nDetails in the article: https://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html \n \nProtect your systems from remote code execution.", "creation_timestamp": "2023-10-25T12:24:28.000000Z"}, {"uuid": "a033aeec-b713-49d6-b417-a9222daced56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8944", "content": "#exploit\n1. CVE-2023-39141:\nAria2 WebUI - Path traversal\nhttps://github.com/codeb0ss/CVE-2023-39141-PoC\n\n2. CVE-2023-34040:\nSpring Kafka Deserialization Vulnerability\nhttps://github.com/Contrast-Security-OSS/Spring-Kafka-POC-CVE-2023-34040\n\n3. 
CVE-2023-26818:\nExploit MacOS TCC Bypass W/ Telegram\nhttps://github.com/Zeyad-Azima/CVE-2023-26818", "creation_timestamp": "2023-08-31T10:59:01.000000Z"}, {"uuid": "4f76d1c8-ca49-44c0-bd83-a25d214a4d79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-01-22T18:10:02.000000Z"}, {"uuid": "d702e0a9-33a4-41d1-bafc-866ded5ac92b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:51.000000Z"}, {"uuid": "b7c00d8e-6803-418b-99bf-550dbae1de7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://gist.github.com/Darkcrai86/f478a7b258a4ba4e77c13e27154ee51f", "content": "", "creation_timestamp": "2025-12-05T13:02:24.000000Z"}, {"uuid": "22745602-8f62-457c-93fd-4bf86d089c6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/5a3ce4a6-23fe-4c70-a292-886554e53ca9", "content": "", "creation_timestamp": "2026-02-02T12:26:42.275606Z"}, {"uuid": "8729785f-f9c0-4351-ac18-d33f293775a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5039", "content": 
"GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: POC for Spring Kafka Deserialization Vulnerability CVE-2023-34040\nURL: https://github.com/Contrast-Security-OSS/Spring-Kafka-POC-CVE-2023-34040\n\nTags: #CVE-2023", "creation_timestamp": "2023-08-30T12:13:28.000000Z"}, {"uuid": "8b1e41a6-f602-48f2-8a37-da1742265834", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "exploited", "source": "https://t.me/hackyourmom/12170", "content": "\ud83d\udd0d The hacking group Fire Ant, linked to the Chinese APT group UNC3886, is compromising VMware ESXi and vCenter environments by exploiting the vulnerabilities CVE-2023-34048 and CVE-2023-20867 \ud83d\udcbb\n\n\u2328\ufe0f They obtain vpxuser credentials, move between hosts, install backdoors and implants, destroy logs and bypass network segmentation. For persistent access they use V2Ray, rogue virtual machines and forged system files \u2699\ufe0f #cybernews", "creation_timestamp": "2025-07-25T16:20:07.000000Z"}, {"uuid": "9ceb88cb-4f64-416d-aafd-26837b65678f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/ap_security/217", "content": "\ud83c\udf10VMware has prepared a patch for a critical vulnerability in vCenter Server\n\n\ud83d\udee1VMware has released updates that fix a flaw allowing remote code execution\n\n\ud83d\udee1The bug was assigned the identifier CVE-2023-34048 and given a CVSS score of 9.8\n\n\ud83d\udee1Updates are available for vCenter 7.0 and 8.0, Cloud Foundation 5.x and 4.x\n\n#itnews #infosec #cve", "creation_timestamp": "2023-10-25T18:55:53.000000Z"}, {"uuid": "bd3b70af-e788-4939-9313-3d42a317b5f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34048", "type": "seen", "source": "https://t.me/ctinow/145283", "content": "https://ift.tt/jnxSrUh\nVMware patches critical vulnerability in vCenter Server (CVE-2023-34048)", "creation_timestamp": "2023-10-25T13:44:06.000000Z"}]}